Merge 43079320a2 into 9df4ea095f

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](20cf305ff2...e3f713f2d8)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/dependencies.yml

@@ -13,7 +13,7 @@ jobs:
       contents: write # this is needed to push commits and branches
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 

.github/workflows/installer.yml

@@ -26,7 +26,7 @@ jobs:
           - macos-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 
@@ -47,7 +47,7 @@ jobs:
       - test
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 

.github/workflows/main.yml

@@ -24,7 +24,7 @@ jobs:
     if: github.repository == 'ohmyzsh/ohmyzsh'
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 

.github/workflows/project.yml

@@ -17,7 +17,7 @@ jobs:
     if: github.repository == 'ohmyzsh/ohmyzsh'
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
       - name: Authenticate as @ohmyzsh

.github/workflows/scorecard.yml

@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 
@@ -60,6 +60,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@19b2f06db2b6f5108140aeb04014ef02b648f789 # v4.31.11
+        uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
         with:
           sarif_file: results.sarif

plugins/vault-switch/README.md

@@ -0,0 +1,29 @@
+# Vault-switch plugin
+
+## Description
+
+This plugin can switch among nodes of Vault - HashiCorp  
+
+## Configuration
+
+For using a plugin you should add VAULT_NODES to **~/.zshrc**
+Variable **VAULT_NODES** must look as  
+
+```bash
+VAULT_NODES="node1,https://vault1.example.com,secret_token1;node2,https://vault2.example.com,secret_token2"
+```
+
+If you want to skip verify checking of ssl then add true to end of the string.
+
+```bash
+VAULT_NODES="node1,https://vault1.example.com,secret_token1,true;node2,https://vault2.example.com,secret_token2"
+```
+
+Name of a node, address, token  are separating comma. Other nodes separate semicolon.  
+After need to add the name of the plugin to **~/.zshrc** to variable **plugins=(vault-switch)**
+
+**Example usage:**
+
+![vault-switch](example.png)
+
+State of restoring stored in **~/.vault-switch/credentials**  

plugins/vault-switch/vault-switch.plugin.zsh

@@ -0,0 +1,57 @@
+autoload -U add-zsh-hook
+add-zsh-hook precmd _restore_cache
+
+FILE_CREDENTIALS="${HOME}/.vault-switch/credentials"
+
+_restore_cache(){
+    [ ! -d ${HOME}/.vault-switch ] && mkdir -p ${HOME}/.vault-switch
+    [ ! -f $FILE_CREDENTIALS ] && touch ${FILE_CREDENTIALS}
+    source ${FILE_CREDENTIALS}
+}
+
+_get-nodes(){
+    IFS=";" read -A NODES <<< ${VAULT_NODES}
+}
+
+_set-color(){
+    echo "\e[1;32m$1\e[0m"
+}
+
+_list-nodes(){
+    INDEX=1
+    for i in  ${NODES[@]}
+    do
+        NODE=$(echo $i | cut -d "," -f 1)
+        [[ "${NODE}" == "${VAULT_SELECT_NODE}" ]] && ASTERISK="*"
+        echo "${INDEX}) ${NODE} $(_set-color ${ASTERISK})"
+        INDEX=$[$INDEX+1]
+        unset ASTERISK
+    done
+}
+
+_set-work-node(){
+    if  [ $1 -gt ${#NODES[@]} ]
+    then
+        echo "Number of node not found"
+    else
+        VAULT_SELECT_NODE=$(echo ${NODES[$1]} | cut -d "," -f 1)
+        VAULT_ADDR=$(echo ${NODES[$1]} | cut -d "," -f 2)
+        VAULT_TOKEN=$(echo ${NODES[$1]} | cut -d "," -f 3)
+        VAULT_SKIP_VERIFY=$(echo ${NODES[$1]} | cut -d "," -f 4)
+
+        echo > ${FILE_CREDENTIALS}
+        echo "export VAULT_SELECT_NODE=${VAULT_SELECT_NODE}" >> ${FILE_CREDENTIALS}
+        echo "export VAULT_ADDR=${VAULT_ADDR}" >> ${FILE_CREDENTIALS}
+        echo "export VAULT_TOKEN=${VAULT_TOKEN}" >> ${FILE_CREDENTIALS}
+        [[ $VAULT_SKIP_VERIFY ]] && echo "export VAULT_SKIP_VERIFY=true" >> ${FILE_CREDENTIALS}
+
+        _list-nodes
+    fi
+
+}
+
+vault-switch() {
+    _get-nodes
+    [ ! $1 ] && _list-nodes
+    [ $1 ] && _set-work-node $1
+}